Problem downloading Malwarebytes and running Internet Explorer

bjd9e1 · July 17, 2013

I first noticed my computer was having problems when I couldn't open Internet Explorer (the browser would open and remain blank for a few seconds and then close). I am still able to use Google Chrome. When I went to download the malwarebytes free software, I encountered errors saying there was some sort of Class Registry error and then giving me a couple of Run-time errors. DDS and Attach logs are copied and pasted. Thank you in advance for any help.

Blake

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635

Run by blakeandjen at 23:20:24 on 2013-07-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2116 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\EasyBloom\EasyBloom.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>

BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>

BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

uRun: [PlantSenseSysAgent] "C:\Program Files (x86)\EasyBloom\EasyBloom.exe"

uRun: [AROReminder] <no file>

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

TCP: NameServer = 192.168.1.1 68.238.112.12

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF} : DHCPNameServer = 192.168.1.1 68.238.112.12

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\2416E616E61613F58747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\2425553454 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\2427F6F6B63747F6E6567457563747 : DHCPNameServer = 64.89.70.2 64.89.74.2 4.2.2.1

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\2494053475946494 : DHCPNameServer = 4.2.2.1 4.2.2.2

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\34963736F61313337393 : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\4456C616E65697 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{FD6FF594-D7F9-4B81-8708-9BD24F2EE6CF}\4716D6160777563747 : DHCPNameServer = 192.168.1.1 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-25 98208]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 701512]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-25 1692480]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-12-9 11576]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-25 2656280]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]

R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-25 176096]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-25 317440]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-4-26 25496]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-21 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-25 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-25 181760]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-25 412264]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-25 158976]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-4-26 34200]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-25 250984]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-27 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-07-17 02:22:27 -------- d-----w- C:\Users\blakeandjen\AppData\Local\iLivid

2013-07-17 00:42:03 -------- d-----w- C:\Program Files (x86)\ARO 2013

2013-07-16 23:14:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F974DE05-D62B-44F1-91D0-AFCF6931FCB3}\mpengine.dll

2013-07-13 01:56:11 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-13 01:55:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-13 01:55:49 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-10 11:53:50 4249600 ----a-w- C:\Program Files (x86)\GUT40CD.tmp

2013-07-10 11:53:50 -------- d-----w- C:\Program Files (x86)\GUM40CC.tmp

.

==================== Find3M ====================

.

2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-06-01 18:21:16 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs

2013-06-01 18:21:16 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-06 11:29:18 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

.

============= FINISH: 23:20:40.08 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/24/2011 2:53:50 PM

System Uptime: 7/16/2013 10:39:02 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0YH79Y

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU | 2200/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 577 GiB total, 486.139 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP164: 6/25/2013 7:32:16 AM - Windows Update

RP165: 6/28/2013 7:09:41 PM - Windows Update

RP166: 7/2/2013 7:11:13 AM - Windows Update

RP167: 7/5/2013 2:58:43 PM - Windows Update

RP168: 7/12/2013 9:55:52 PM - Windows Update

RP169: 7/13/2013 6:28:21 AM - Windows Update

RP170: 7/16/2013 7:13:34 PM - Windows Update

RP171: 7/16/2013 8:14:08 PM - Restore Operation

RP172: 7/16/2013 10:29:59 PM - Windows Modules Installer

RP173: 7/16/2013 10:37:12 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Digital Editions 2.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1) MUI

Advanced Audio FX Engine

ARO 2013

Banctec Service Agreement

Bing Rewards Client Installer

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Complete Care Business Service Agreement

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Digital Delivery

Dell Edoc Viewer

Dell Touchpad

Dell VideoStage

Dell Webcam Central

EasyBloom Companion

eBay

FASTT Math

File Uploader

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

H&R Block Basic + Efile 2011

H&R Block Basic + Efile 2012

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® PROSet/Wireless WiFi Software

Intel® WiDi

Intel® Wireless Display

Java Auto Updater

Java 6 Update 24

Java 6 Update 24 (64-bit)

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

MSVCRT

MSVCRT_amd64

Nikon Message Center

Nikon Transfer

Picture Control Utility

Realtek High Definition Audio Driver

Samsung ML-1740 Series

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

SketchUp 8

Skype Toolbars

Skype™ 5.10

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update Installer for WildTangent Games App

ViewNX

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

Zoo Tycoon 2 - Zookeeper Collection

Zoo Tycoon2 - Marine Mania Demo

.

==== Event Viewer Messages From Past Week ========

.

7/16/2013 9:25:32 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{93eb1377-e766-11e0-9583-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.

7/16/2013 9:25:05 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/16/2013 9:25:05 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

7/16/2013 9:25:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

7/16/2013 9:01:22 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882

7/16/2013 9:00:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/16/2013 8:59:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 8:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/16/2013 8:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/16/2013 8:59:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/16/2013 8:59:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/16/2013 8:59:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/16/2013 8:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/16/2013 8:59:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/16/2013 8:59:13 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2013 10:41:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

7/16/2013 10:41:36 PM, Error: Service Control Manager [7000] - The Dell Digital Delivery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/16/2013 10:39:20 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.

7/14/2013 3:28:07 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

7/14/2013 3:26:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

.

==== End Of File ===========================

AdvancedSetup · July 17, 2013

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
- Note: the default location is C:\Windows\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

RogueKiller 32-bit | RogueKiller 64-bit
Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode to your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
If prompted by the User Account Control click Yes to allow it to run.
Under Actions click on the Delete button.
Click OK on all prompts.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the entire contents of that logfile to your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 06

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats' , then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

bjd9e1 · July 17, 2013

Hi and thank you for your help. I was able to do most of what you asked, but I could not get the Junkware Removal Tool to download and run. Also, I can't seem to get the "Choose File" attachment feature working, and so I've copied and pasted all of the text files instead of attaching them. If there is a way for me to send you the .txt files other than attaching them, please let me know. Also, because all of the copy and pasting made my reply too long, I've copied and pasted the 2 Farbar Recovery Scan Tool logs to my next reply instead of pasting them below.

I also encountered some error messages during some of the steps, which I've outlined below:

#1: ERUNT: This worked, but I got the following message during the download process:

CoCreateInstance failed; code 0x80040154

#2: RogueKiller: Worked fine - log copied and pasted below

#3: Malwarebytes Anti-Rootkit: This eventually worked, but I got the following message when I first tried to run the program:

C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004.zip

Class not registered

This "Class not registered" message is a common message I have been receiving lately when I try to download things. I did a search for the mbar.exe file and was able to find it on my computer, and so I was eventually able to get this to work. 2 threats were found on the first scan, which I cleaned up, and then I ran a second scan, which was clean. 2 logs copied and pasted below.

#4: Junkware Removal Tool: I could not get this to work. I got a message "Non 7-Zip archive" after my first download. When I tried to run the .exe, a black DOS box would open and quickly shut, and nothing happened. I tried to download the file 3 times but got the same vanishing DOS box each time.

#5: AdwCleaner: Worked fine - log copied and pasted below

#6: ESET Online Scanner: Had to download an extra .exe file to get this to run in Google Chrome because my Internet Explorer is not working for some reason. 30 threats were found, but when I tried to click on the link to export them to a text file, the link did not work. I therefore re-typed the list on the attached ESET Results.txt file. All 30 of the threats were identified as "variant of ___ application," with the 2 exceptions noted in brackets on the ESET Results.txt file (one trojan, one "multiple threats")

#7: Farbar Recovery Scan Tool: Worked fine - FRST.txt and Addition.txt are copied and pasted in my next reply

----------------------

#2: Rogue Killer: RK Report.Txt:

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : blakeandjen [Admin rights]

Mode : Scan -- Date : 07/17/2013 07:38:30

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][ROGUE ST] 4772 : wscript.exe - C:\Users\BLAKEA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-75HXZT3 +++++

--- User ---

[MBR] 766f35feb751050c1141c93f447de2a9

[bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 590375 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_07172013_073830.txt >>

-------------------------------------

#3: Malwarebytes Anti-Rootkit

mbar-log.txt:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org

Database version: v2013.07.17.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

blakeandjen :: BLAKEANDJEN-PC [administrator]

7/17/2013 7:41:54 AM

mbar-log-2013-07-17 (07-41-54).txt

Scan type: Quick scan

Scan options disabled: PUP

Objects scanned: 237484

Time elapsed: 21 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\google-sketchup_V.157926468a.exe (Adware.DomaIQ) -> Delete on reboot.

c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\google-sketchup_keyword=google sketchup&source=48956-2001.exe (Adware.DomaIQ) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

--------------------------------

#3: Malwarebytes Anti-Rootkit

system-log.txt:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_24

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.192000 GHz

Memory total: 4204969984, free: 2331623424

Downloaded database version: v2013.07.17.04

Downloaded database version: v2013.07.15.01

Initializing...

------------ Kernel report ------------

07/17/2013 07:41:50

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ctxusbm.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\NETwNs64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\iwdbus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\??\C:\Windows\system32\Drivers\SSPORT.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\advapi32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\gdi32.dll

\Windows\System32\msctf.dll

\Windows\System32\wininet.dll

\Windows\System32\imm32.dll

\Windows\System32\nsi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\difxapi.dll

\Windows\System32\comdlg32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ws2_32.dll

\Windows\System32\sechost.dll

\Windows\System32\setupapi.dll

\Windows\System32\kernel32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\urlmon.dll

\Windows\System32\ole32.dll

\Windows\System32\usp10.dll

\Windows\System32\psapi.dll

\Windows\System32\imagehlp.dll

\Windows\System32\shell32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\lpk.dll

\Windows\System32\normaliz.dll

\Windows\System32\user32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\iertutil.dll

\Windows\System32\comctl32.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065ff060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800474b050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065ffb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800474b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F2837E

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 212992 Numsec = 40960000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 41172992 Numsec = 1209088688

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...

Done!

Infected: c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\google-sketchup_V.157926468a.exe --> [Adware.DomaIQ]

Infected: c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\google-sketchup_keyword=google sketchup&source=48956-2001.exe --> [Adware.DomaIQ]

Scan finished

Creating System Restore point...

Could not create restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_212992_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_24

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.192000 GHz

Memory total: 4204969984, free: 2905841664

Initializing...

------------ Kernel report ------------

07/17/2013 08:08:18

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ctxusbm.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\NETwNs64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\iwdbus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\??\C:\Windows\system32\Drivers\SSPORT.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\Wldap32.dll

\Windows\System32\shell32.dll

\Windows\System32\ole32.dll

\Windows\System32\sechost.dll

\Windows\System32\user32.dll

\Windows\System32\urlmon.dll

\Windows\System32\usp10.dll

\Windows\System32\setupapi.dll

\Windows\System32\iertutil.dll

\Windows\System32\shlwapi.dll

\Windows\System32\lpk.dll

\Windows\System32\kernel32.dll

\Windows\System32\gdi32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\psapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\advapi32.dll

\Windows\System32\imm32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\difxapi.dll

\Windows\System32\msctf.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\wininet.dll

\Windows\System32\normaliz.dll

\Windows\System32\ws2_32.dll

\Windows\System32\nsi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065e1060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004713050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065e1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065e1ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065e1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004713050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F2837E

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 212992 Numsec = 40960000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 41172992 Numsec = 1209088688

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_212992_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

-----------------------------

#5: AdwCleaner[s1].txt:

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 11:08:24

# Updated 11/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : blakeandjen - BLAKEANDJEN-PC

# Boot Mode : Normal

# Running from : C:\Users\blakeandjen\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\BabylonToolbar

Deleted on reboot : C:\Program Files (x86)\Conduit

Deleted on reboot : C:\Program Files (x86)\Giant Savings

Deleted on reboot : C:\Program Files (x86)\SpecialSavings

Deleted on reboot : C:\ProgramData\Babylon

Deleted on reboot : C:\ProgramData\PC Optimizer Pro

Deleted on reboot : C:\ProgramData\Sidekick Manager

Deleted on reboot : C:\ProgramData\Tarma Installer

Deleted on reboot : C:\Users\BLAKEA~1\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Conduit

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Giant Savings

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Ilivid

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Savings Sidekick

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\SwvUpdater

Deleted on reboot : C:\Users\blakeandjen\AppData\LocalLow\BabylonToolbar

Deleted on reboot : C:\Users\blakeandjen\AppData\LocalLow\Conduit

Deleted on reboot : C:\Users\blakeandjen\AppData\LocalLow\PriceGong

Deleted on reboot : C:\Users\blakeandjen\AppData\Roaming\Babylon

Deleted on reboot : C:\Users\blakeandjen\AppData\Roaming\BabylonToolbar

Deleted on reboot : C:\Users\blakeandjen\AppData\Roaming\OpenCandy

File Deleted : C:\END

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\pc optimizer pro

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287378

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\iLividSRTB

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

-\\ Google Chrome v28.0.1500.72

File : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.31] : keyword = "search.conduit.com",

*************************

AdwCleaner[s1].txt - [7820 octets] - [17/07/2013 11:08:24]

########## EOF - C:\AdwCleaner[s1].txt - [7880 octets] ##########

----------------------------------------------------

#6: ESET results (I created this myself because I could not export results to a text file):

C:\$RECYCLE.BIN\S-1-5-21-118250649-317752561-2107411411-1000\$R94KAJD.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll

C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll

C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414

C:\Users\blakeandjen\AppData\Local\Temp\CReinstall_FLVPlayerSetup (1).exe

C:\Users\blakeandjen\AppData\Local\Temp\Main.class [Java/Exploit.CVE-2011-3544.BF trojan]

C:\Users\blakeandjen\AppData\Local\Temp\SingAlong.exe

C:\Users\blakeandjen\AppData\Local\Temp\YontooSetup-Silent.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\setup__120.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\software\setup__1185.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\setup__120.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\software\Addlyrics.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\software\OptimizerPro.exe

C:\Users\blakeandjen\AppData\Local\Temp\ibtmpf564504\component_555.decrpt

C:\Users\blakeandjen\AppData\Local\Temp\ICReinstall\cnet2_zoo2trial_exe.exe

C:\Users\blakeandjen\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe [multiple threats]

C:\Users\blakeandjen\AppData\Local\Temp\is87173921\MyBabylonTB.exe

C:\Users\blakeandjen\Downloads\ARO2013_tbt(1).exe

C:\Users\blakeandjen\Downloads\ARO2013_tbt.exe

C:\Users\blakeandjen\Downloads\cdbxp_setup_4.4.0.2905.exe

C:\Users\blakeandjen\Downloads\cnet2_zoo2trial_exe.exe

C:\Users\blakeandjen\Downloads\FLVPlayerSetup(1).exe

C:\Users\blakeandjen\Downloads\FLVPlayerSetup.exe

C:\Users\blakeandjen\Downloads\InternetExplore78and9repairscript32bit_downloader_byFileTrip (1).exe

C:\Users\blakeandjen\Downloads\InternetExplore78and9repairscript32bit_downloader_byFileTrip.exe

C:\Users\blakeandjen\Downloads\mplayer_tuguu_d1021461(1).exe

C:\Users\blakeandjen\Downloads\mplayer_tuguu_d1021461.exe

C:\Users\blakeandjen\Downloads\SoftonicDownloader_for_google-sketchup.exe

-------------------------------------------

bjd9e1 · July 17, 2013

Here are the 2 logs for the Farbar Recovery Scan Tool:

#7: Farbar Recovery Scan Tool

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02

Ran by blakeandjen (administrator) on 17-07-2013 17:30:00

Running from C:\Users\blakeandjen\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(PlantSense, INC) C:\Program Files (x86)\EasyBloom\EasyBloom.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)

HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-16] (Intel® Corporation)

HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10222080 2010-12-14] (Intel Corporation)

HKCU\...\Run: [PlantSenseSysAgent] - C:\Program Files (x86)\EasyBloom\EasyBloom.exe [996704 2010-03-24] (PlantSense, INC)

HKCU\...\Run: [AROReminder] - [x]

MountPoints2: {93eb137a-e766-11e0-9583-806e6f6e6963} - D:\autorun.exe

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)

HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {B0C1D5EE-3239-47D1-AF11-0E44E448BA25} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {B0C1D5EE-3239-47D1-AF11-0E44E448BA25} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File

BHO-x32: No Name - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File

BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File

BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No File

Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - No File

Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - No File

Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - No File

Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - No File

Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - No File

Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - No File

Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - No File

Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - No File

Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - No File

Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - No File

Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - No File

Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - No File

Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - No File

Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - No File

Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - No File

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - No File

Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - No File

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.112.12

Chrome:

=======

CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN77359230525433118&ctid=CT3287378&UM=2

CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN77359230525433118&UM=2

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Google Talk Plugin) - C:\Users\blakeandjen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\blakeandjen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\blakeandjen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

CHR Extension: (Google Drive) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0

CHR Extension: (Gmail) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR Extension: () - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_3640_2287

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-16] ()

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-17 17:29 - 2013-07-17 17:29 - 01778209 _____ (Farbar) C:\Users\blakeandjen\Downloads\FRST64.exe

2013-07-17 17:29 - 2013-07-17 17:29 - 00000000 ____D C:\FRST

2013-07-17 17:28 - 2013-07-17 17:28 - 00002227 _____ C:\Users\blakeandjen\Desktop\ESET results.txt

2013-07-17 15:16 - 2013-07-17 15:16 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu (1).exe

2013-07-17 11:39 - 2013-07-17 11:39 - 00000000 ____D C:\Program Files (x86)\ESET

2013-07-17 11:17 - 2013-07-17 11:24 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu.exe

2013-07-17 11:10 - 2013-07-17 11:10 - 00007935 _____ C:\Users\blakeandjen\Desktop\AdwCleaner[s1].txt

2013-07-17 11:08 - 2013-07-17 11:08 - 00007935 _____ C:\AdwCleaner[s1].txt

2013-07-17 11:08 - 2013-07-17 11:08 - 00001717 _____ C:\Windows\DeleteOnReboot.bat

2013-07-17 11:04 - 2013-07-17 11:06 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner (1).exe

2013-07-17 11:03 - 2013-07-17 11:04 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner.exe

2013-07-17 11:01 - 2013-07-17 11:01 - 00003174 _____ C:\Windows\System32\Tasks\{714F9E99-B56D-44C0-9DFD-2E093B96FA95}

2013-07-17 10:59 - 2013-07-17 11:00 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (3).exe

2013-07-17 10:57 - 2013-07-17 10:58 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (2).exe

2013-07-17 10:50 - 2013-07-17 10:55 - 00288131 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (1).exe

2013-07-17 10:50 - 2013-07-17 10:50 - 00003162 _____ C:\Windows\System32\Tasks\{1F5191D5-3FB1-4572-A6FF-957C4B97AB7D}

2013-07-17 10:41 - 2013-07-17 10:44 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT.exe

2013-07-17 07:40 - 2013-07-17 07:40 - 00000000 ____D C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004

2013-07-17 07:39 - 2013-07-17 07:39 - 13399154 _____ C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004.zip

2013-07-17 07:38 - 2013-07-17 07:38 - 00001669 _____ C:\Users\blakeandjen\Desktop\RKreport[0]_S_07172013_073830.txt

2013-07-17 07:36 - 2013-07-17 07:38 - 00000000 ____D C:\Users\blakeandjen\Desktop\RK_Quarantine

2013-07-17 07:36 - 2013-07-17 07:36 - 03778560 _____ C:\Users\blakeandjen\Downloads\RogueKillerX64.exe

2013-07-17 07:28 - 2013-07-17 07:28 - 00000000 ____D C:\Windows\ERDNT

2013-07-17 07:26 - 2013-07-17 07:27 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-07-17 07:25 - 2013-07-17 07:25 - 00791393 _____ (Lars Hederer ) C:\Users\blakeandjen\Downloads\erunt-setup.exe

2013-07-16 23:20 - 2013-07-16 23:20 - 00688992 ____R (Swearware) C:\Users\blakeandjen\Downloads\dds.scr

2013-07-16 23:20 - 2013-07-16 23:20 - 00018063 _____ C:\Users\blakeandjen\Desktop\dds.txt

2013-07-16 23:20 - 2013-07-16 23:20 - 00013241 _____ C:\Users\blakeandjen\Desktop\attach.txt

2013-07-16 23:13 - 2011-09-25 06:21 - 00000204 _____ C:\Users\Public\Desktop\My Identity Protection.url

2013-07-16 23:04 - 2013-07-16 23:13 - 00001964 _____ C:\Users\blakeandjen\Desktop\unhide.txt

2013-07-16 23:04 - 2013-07-16 23:04 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\unhide.exe

2013-07-16 23:02 - 2013-07-16 23:04 - 00002502 _____ C:\Users\blakeandjen\Desktop\Rkill.txt

2013-07-16 23:02 - 2013-07-16 23:02 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\rkill.exe

2013-07-16 23:02 - 2013-07-16 23:02 - 00000000 ____D C:\Users\blakeandjen\Desktop\rkill

2013-07-16 23:00 - 2013-07-16 23:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (3).exe

2013-07-16 22:58 - 2013-07-16 22:58 - 01440846 _____ C:\Users\blakeandjen\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-07-16 22:39 - 2013-07-16 22:39 - 00001375 _____ C:\Users\blakeandjen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-07-16 22:26 - 2013-07-16 22:26 - 00002188 _____ C:\Users\blakeandjen\Downloads\28919-ie8-rereg.zip

2013-07-16 22:24 - 2013-07-16 22:24 - 01624136 _____ (Bandoo Media Inc) C:\Users\blakeandjen\Downloads\iLividSetup-r394-n-bc (1).exe

2013-07-16 22:22 - 2013-07-16 22:22 - 01624136 _____ (Bandoo Media Inc) C:\Users\blakeandjen\Downloads\iLividSetup-r394-n-bc.exe

2013-07-16 22:21 - 2013-07-16 22:21 - 00163408 _____ () C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip (1).exe

2013-07-16 22:20 - 2013-07-16 22:20 - 00163408 _____ () C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip.exe

2013-07-16 22:16 - 2013-07-16 22:16 - 00000229 _____ C:\Users\blakeandjen\Desktop\Enabie3.reg

2013-07-16 21:32 - 2013-07-16 21:32 - 01110478 _____ C:\Users\blakeandjen\Downloads\ProcessMonitor.zip

2013-07-16 20:42 - 2013-07-16 20:42 - 00000000 ____D C:\Program Files (x86)\ARO 2013

2013-07-16 20:41 - 2013-07-16 20:41 - 04887880 _____ (Support.com ) C:\Users\blakeandjen\Downloads\ARO2013_tbt.exe

2013-07-16 20:41 - 2013-07-16 20:41 - 04887880 _____ (Support.com ) C:\Users\blakeandjen\Downloads\ARO2013_tbt (1).exe

2013-07-16 20:40 - 2013-07-16 20:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (2).exe

2013-07-16 20:25 - 2013-07-16 20:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-07-16 20:12 - 2013-07-16 20:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300.exe

2013-07-14 14:32 - 2013-07-14 14:32 - 00675988 _____ C:\Users\blakeandjen\Desktop\Minecraft.exe

2013-07-14 14:14 - 2013-07-15 20:24 - 00000000 ___RD C:\Users\blakeandjen\Desktop\Minecraft Server

2013-07-14 09:54 - 2013-07-14 09:54 - 00089836 _____ C:\Users\blakeandjen\Documents\fish hawk.skp

2013-07-13 06:36 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-13 06:36 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-13 06:36 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-13 06:36 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-13 06:36 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-13 06:36 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-13 06:36 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-13 06:36 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-13 06:36 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-13 06:36 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-13 06:36 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-13 06:36 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-13 06:36 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-13 06:36 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-13 06:36 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-13 06:36 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-13 06:36 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-13 06:36 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-13 06:36 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-13 06:36 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-13 06:36 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-13 06:36 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-12 22:02 - 2013-07-12 22:02 - 02221471 _____ C:\Users\blakeandjen\Documents\donavan.skp

2013-07-12 21:56 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-12 21:56 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-12 21:56 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-07-12 21:56 - 2013-05-27 11:11 - 08553892 _____ C:\Users\blakeandjen\Documents\man.skb

2013-07-12 21:56 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-12 21:56 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-12 21:55 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-12 21:55 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-10 22:59 - 2013-07-10 22:59 - 00000000 ____D C:\Users\blakeandjen\AppData\Roaming\Mozilla

2013-07-10 07:53 - 2013-07-10 07:53 - 04249600 _____ C:\Program Files (x86)\GUT40CD.tmp

2013-07-10 07:53 - 2013-07-10 07:53 - 00000000 ____D C:\Program Files (x86)\GUM40CC.tmp

2013-07-06 19:50 - 2013-07-06 19:50 - 00024514 _____ C:\Users\blakeandjen\Documents\JGNJBGMCJMFCMG,FK,.skp

2013-07-04 08:09 - 2013-07-04 08:09 - 00014542 _____ C:\Users\blakeandjen\Downloads\hs_err_pid2448.log

2013-07-02 09:42 - 2013-07-02 09:42 - 00014399 _____ C:\Users\blakeandjen\Downloads\hs_err_pid6476.log

2013-07-02 07:01 - 2013-07-02 07:01 - 00015473 _____ C:\Users\blakeandjen\Downloads\hs_err_pid2856.log

2013-06-26 20:50 - 2013-06-26 20:50 - 06953496 _____ (Microsoft Corporation) C:\Users\blakeandjen\Downloads\Silverlight.exe

2013-06-26 09:11 - 2013-06-26 09:11 - 00014413 _____ C:\Users\blakeandjen\Downloads\hs_err_pid3996.log

2013-06-22 14:32 - 2013-06-22 14:32 - 02129302 _____ C:\Users\blakeandjen\Documents\jyitlu5dhr4se6twt4r5yiu=o78p[9oiuhrgtedryiugoyi.skp

2013-06-22 11:35 - 2013-06-22 11:37 - 00015595 _____ C:\Users\blakeandjen\Downloads\hs_err_pid6820.log

2013-06-21 10:15 - 2013-06-21 10:29 - 00000000 ____D C:\Users\blakeandjen\Desktop\2013-06-21 iPhone June 21 2013

2013-06-21 07:56 - 2013-06-21 07:56 - 10303127 _____ C:\Users\blakeandjen\Documents\685+9478+64.skp

==================== One Month Modified Files and Folders =======

2013-07-17 17:29 - 2013-07-17 17:29 - 01778209 _____ (Farbar) C:\Users\blakeandjen\Downloads\FRST64.exe

2013-07-17 17:29 - 2013-07-17 17:29 - 00000000 ____D C:\FRST

2013-07-17 17:28 - 2013-07-17 17:28 - 00002227 _____ C:\Users\blakeandjen\Desktop\ESET results.txt

2013-07-17 17:12 - 2012-01-07 22:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-07-17 16:15 - 2009-07-14 01:13 - 00779788 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-17 16:12 - 2011-09-25 07:10 - 01444417 _____ C:\Windows\WindowsUpdate.log

2013-07-17 15:16 - 2013-07-17 15:16 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu (1).exe

2013-07-17 11:39 - 2013-07-17 11:39 - 00000000 ____D C:\Program Files (x86)\ESET

2013-07-17 11:24 - 2013-07-17 11:17 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu.exe

2013-07-17 11:16 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-17 11:16 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-17 11:10 - 2013-07-17 11:10 - 00007935 _____ C:\Users\blakeandjen\Desktop\AdwCleaner[s1].txt

2013-07-17 11:09 - 2012-11-17 14:26 - 00000426 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job

2013-07-17 11:09 - 2012-01-07 22:50 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-07-17 11:09 - 2011-09-25 05:50 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-07-17 11:09 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-17 11:09 - 2009-07-14 00:51 - 00057141 _____ C:\Windows\setupact.log

2013-07-17 11:08 - 2013-07-17 11:08 - 00007935 _____ C:\AdwCleaner[s1].txt

2013-07-17 11:08 - 2013-07-17 11:08 - 00001717 _____ C:\Windows\DeleteOnReboot.bat

2013-07-17 11:06 - 2013-07-17 11:04 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner (1).exe

2013-07-17 11:04 - 2013-07-17 11:03 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner.exe

2013-07-17 11:01 - 2013-07-17 11:01 - 00003174 _____ C:\Windows\System32\Tasks\{714F9E99-B56D-44C0-9DFD-2E093B96FA95}

2013-07-17 11:00 - 2013-07-17 10:59 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (3).exe

2013-07-17 10:58 - 2013-07-17 10:57 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (2).exe

2013-07-17 10:55 - 2013-07-17 10:50 - 00288131 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (1).exe

2013-07-17 10:50 - 2013-07-17 10:50 - 00003162 _____ C:\Windows\System32\Tasks\{1F5191D5-3FB1-4572-A6FF-957C4B97AB7D}

2013-07-17 10:44 - 2013-07-17 10:41 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT.exe

2013-07-17 09:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2013-07-17 08:04 - 2010-11-20 23:47 - 00032206 _____ C:\Windows\PFRO.log

2013-07-17 07:40 - 2013-07-17 07:40 - 00000000 ____D C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004

2013-07-17 07:39 - 2013-07-17 07:39 - 13399154 _____ C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004.zip

2013-07-17 07:38 - 2013-07-17 07:38 - 00001669 _____ C:\Users\blakeandjen\Desktop\RKreport[0]_S_07172013_073830.txt

2013-07-17 07:38 - 2013-07-17 07:36 - 00000000 ____D C:\Users\blakeandjen\Desktop\RK_Quarantine

2013-07-17 07:36 - 2013-07-17 07:36 - 03778560 _____ C:\Users\blakeandjen\Downloads\RogueKillerX64.exe

2013-07-17 07:28 - 2013-07-17 07:28 - 00000000 ____D C:\Windows\ERDNT

2013-07-17 07:27 - 2013-07-17 07:26 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-07-17 07:25 - 2013-07-17 07:25 - 00791393 _____ (Lars Hederer ) C:\Users\blakeandjen\Downloads\erunt-setup.exe

2013-07-16 23:20 - 2013-07-16 23:20 - 00688992 ____R (Swearware) C:\Users\blakeandjen\Downloads\dds.scr

2013-07-16 23:20 - 2013-07-16 23:20 - 00018063 _____ C:\Users\blakeandjen\Desktop\dds.txt

2013-07-16 23:20 - 2013-07-16 23:20 - 00013241 _____ C:\Users\blakeandjen\Desktop\attach.txt

2013-07-16 23:13 - 2013-07-16 23:04 - 00001964 _____ C:\Users\blakeandjen\Desktop\unhide.txt

2013-07-16 23:04 - 2013-07-16 23:04 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\unhide.exe

2013-07-16 23:04 - 2013-07-16 23:02 - 00002502 _____ C:\Users\blakeandjen\Desktop\Rkill.txt

2013-07-16 23:02 - 2013-07-16 23:02 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\rkill.exe

2013-07-16 23:02 - 2013-07-16 23:02 - 00000000 ____D C:\Users\blakeandjen\Desktop\rkill

2013-07-16 23:01 - 2012-12-21 00:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware